Web support

The current Security — SSL page configures web UI SSL servers only. The Suite B features are not supported on the web UI. The following are the requirements for the web UI design:

  • The web UI implicitly uses a TA profile named “default”. If the TA certificate installed on the switch is associated with a profile of another name, the TA certificate is read-only to the web UI. See Trust anchor profile.

  • The web UI supports local certificate enrollment with an implicit usage of ‘web’. See Local certificate enrollment – manual mode.

  • The web UI supports self-signed local certificate enrollment with an implicit usage of ‘web’. See Local certificate enrollment – manual mode.

  • The web UI shows the TA certificate and the configured SSL server certificate with ‘web’ usage, along with any intermediate certificates in the chain. The display will match the Certificate Detail format as described in Show profile specific.

  • The web UI must be able to replace an SSL server certificate (as it currently does).

  • The web UI does not need to provide ‘zeroization’ of any certificates. See Zeroization.

SSL screen

The following figure shows the results if the user clicks Security — SSL. Details about each panel/window in the SSL page are given below.

SSL Screen

Panel hierarchy

The SSL panel displays Certificate Management features.

TA certificates panel

The Trust Anchor (TA) Certificates panel displays information and status for TA profiles. The Install and Remove buttons install new TA profiles or remove existing ones.

To install a new TA certificate, click Install. The install screen appears and prompts for certificate location. Click the Upload button to upload the new TA certificate to the switch. Click Cancel to abort the installation.

Install TA profile

A default TA profile is automatically created when the conditions explained in section have been satisfied.

The install option is not available if:

  1. All ten TA profiles are used and none are named “default”. TA profile number 2 is always reserved for a self-signed certificate.

  2. The current certificate with ‘usage=web’ is linked to a TA profile whose name is not “default”.

Switch identity profile panel

The Switch Identity Profile panel displays the details of the switch identity profile if one has already been configured with the CLI. Otherwise, it displays “Switch Identity Profile is not configured”.

Installed certificates panel

The Installed Certificates panel displays the certificate profile, usage, key size, status, type, beginning and end date for currently installed certificates.

Installed certificates

View Certificate displays all certificates in the certificate chain. The view certificate list displays the local certificate, up to three intermediate certificates and one TA certificate.

When a certificate is selected, a detailed view of the certificate is displayed in a popup window.

TA certificate

Certificate requests panel

The Certificate Requests panel displays the status of the currently requested certificate.

The Create Self-Signed Certificate link is available within the panel.

The status and type of the currently requested certificate can be:

  1. No pending requests

  2. Create and install a self-signed certificate.

Any existing certificate will be replaced with one of the same name. A non-default TA Profile with a certificate configured with usage of web will not be allowed.

Create Self-Signed Certificate

Creates a self-signed certificate. Upon selection of this link, an edit request form becomes available which provides all required information for the creation of the certificate.


NOTE: The default TA Profile is called Default.


Certificate requests form

The Certificate Request fields have the following constraints:

  • Common Name (CN) – must be present, max length 90. Common Name should be preset with the value from the Switch ID profile if one exists.

  • Organizational Unit Name (OU) – preferred, max length 100.

  • Organization Name (O) – preferred, max length 100.

  • Locality (L) – optional, max length 100.

  • State (ST) – optional, max length 100.

  • Country (C) – preferred, max length 2.

  • Start Date – preset with current date.

  • End Date – preset with current date + 1 year.

Select Install when the form has been completed to install this certificate to the switch.

Select Cancel to cancel the user request.
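
The field constraints listed for the certificate request form can be checked before the form is filled in. The following pre-flight check is an added example, not code from the switch or its vendor; the OpenSSL-style subject string, the function names, the character-based length check and the handling of a 29 February start date are assumptions.

```python
from datetime import date

# (max length, requirement level), taken from the form constraints on this page.
FIELD_RULES = {
    "CN": (90, "required"),
    "OU": (100, "preferred"),
    "O": (100, "preferred"),
    "L": (100, "optional"),
    "ST": (100, "optional"),
    "C": (2, "preferred"),
}
# Constructed sample subject: OU is missing and C is too long.
SAMPLE = "/CN=switch-01.example.net/O=Example Corp/C=USA"


def parse_subject(subject):
    """Parse '/CN=a/O=b' into a dict (input format is an assumption)."""
    fields = {}
    for part in filter(None, subject.split("/")):
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed subject component: {part!r}")
        fields[key.strip().upper()] = value.strip()
    return fields


def check_request(subject, today=None):
    """Return (errors, warnings, (start, end)) for a planned request."""
    fields = parse_subject(subject)
    errors, warnings = [], []
    for name in fields:
        if name not in FIELD_RULES:
            errors.append(f"{name}: not a field on the form")
    for name, (max_len, level) in FIELD_RULES.items():
        value = fields.get(name, "")
        if not value:
            if level == "required":
                errors.append(f"{name}: must be present")
            elif level == "preferred":
                warnings.append(f"{name}: preferred but missing")
        elif len(value) > max_len:  # assumption: length counted in characters
            errors.append(f"{name}: {len(value)} chars exceeds max {max_len}")
    start = today or date.today()  # Start Date preset: current date
    try:
        end = start.replace(year=start.year + 1)  # End Date preset: + 1 year
    except ValueError:  # 29 Feb start; clamping to 28 Feb is an assumption
        end = start.replace(year=start.year + 1, day=28)
    return errors, warnings, (start, end)
```

Errors correspond to values the form constraints rule out; warnings flag the fields the page marks as preferred.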